@undefineds.co/linx 0.2.1

package/dist/lib/codex-plugin/runner.js

@@ -0,0 +1,38 @@
+import { createInterface } from 'node:readline';
+import { createCodexAttachBridge, createCodexAttachSessionRecord, } from './bridge.js';
+export function createCodexAttachRunner(options) {
+    const record = createCodexAttachSessionRecord({
+        workspacePath: options.workspacePath,
+        cwd: options.cwd,
+        backendSessionId: options.backendSessionId,
+        model: options.model,
+        prompt: options.prompt,
+    });
+    const bridge = createCodexAttachBridge(record, options.runtime);
+    const output = options.output ?? process.stdout;
+    const log = options.log ?? process.stderr;
+    const input = options.input ?? process.stdin;
+    async function handleLine(line) {
+        const responses = await bridge.handleCodexRpcLine(line);
+        for (const response of responses) {
+            output.write(`${JSON.stringify(response)}\n`);
+        }
+    }
+    return {
+        record,
+        bridge,
+        async run() {
+            log.write(`[linx] background codex attach active: codex=${options.backendSessionId} linx=${record.id} backend=xpod\n`);
+            const rl = createInterface({
+                input,
+                crlfDelay: Infinity,
+            });
+            for await (const line of rl) {
+                await handleLine(line);
+            }
+            return 0;
+        },
+        handleLine,
+    };
+}
+//# sourceMappingURL=runner.js.map

package/dist/lib/codex-plugin/runner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"runner.js","sourceRoot":"","sources":["../../../src/lib/codex-plugin/runner.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAA;AAC/C,OAAO,EACL,uBAAuB,EACvB,8BAA8B,GAG/B,MAAM,aAAa,CAAA;AA0BpB,MAAM,UAAU,uBAAuB,CAAC,OAAiC;IACvE,MAAM,MAAM,GAAG,8BAA8B,CAAC;QAC5C,aAAa,EAAE,OAAO,CAAC,aAAa;QACpC,GAAG,EAAE,OAAO,CAAC,GAAG;QAChB,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;QAC1C,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,MAAM,EAAE,OAAO,CAAC,MAAM;KACvB,CAAC,CAAA;IACF,MAAM,MAAM,GAAG,uBAAuB,CAAC,MAAM,EAAE,OAAO,CAAC,OAAO,CAAC,CAAA;IAC/D,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAA;IAC/C,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,MAAM,CAAA;IACzC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,KAAK,CAAA;IAE5C,KAAK,UAAU,UAAU,CAAC,IAAY;QACpC,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAA;QACvD,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;YACjC,MAAM,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;QAC/C,CAAC;IACH,CAAC;IAED,OAAO;QACL,MAAM;QACN,MAAM;QACN,KAAK,CAAC,GAAG;YACP,GAAG,CAAC,KAAK,CACP,gDAAgD,OAAO,CAAC,gBAAgB,SAAS,MAAM,CAAC,EAAE,iBAAiB,CAC5G,CAAA;YAED,MAAM,EAAE,GAAG,eAAe,CAAC;gBACzB,KAAK;gBACL,SAAS,EAAE,QAAQ;aACpB,CAAC,CAAA;YAEF,IAAI,KAAK,EAAE,MAAM,IAAI,IAAI,EAAE,EAAE,CAAC;gBAC5B,MAAM,UAAU,CAAC,IAAI,CAAC,CAAA;YACxB,CAAC;YAED,OAAO,CAAC,CAAA;QACV,CAAC;QACD,UAAU;KACX,CAAA;AACH,CAAC"}

package/dist/lib/credentials-store.js

@@ -0,0 +1,74 @@
+import { chmodSync, existsSync, mkdirSync, readFileSync, unlinkSync, writeFileSync } from 'node:fs';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+import { isLinxClientCredentialsSecrets, LINX_CONFIG_FILE_NAME, LINX_HOME_DIRNAME, LINX_SECRETS_FILE_NAME, parseLinxClientConfig, parseLinxClientSecrets, } from '@undefineds.co/models/client';
+function linxDir() {
+    return join(homedir(), LINX_HOME_DIRNAME);
+}
+export function getConfigPath() {
+    return join(linxDir(), LINX_CONFIG_FILE_NAME);
+}
+export function getSecretsPath() {
+    return join(linxDir(), LINX_SECRETS_FILE_NAME);
+}
+function readJson(filePath) {
+    try {
+        return JSON.parse(readFileSync(filePath, 'utf-8'));
+    }
+    catch {
+        return null;
+    }
+}
+function credentialDirs() {
+    return [linxDir()];
+}
+export function saveCredentials(creds) {
+    const dir = linxDir();
+    mkdirSync(dir, { recursive: true });
+    writeFileSync(getConfigPath(), `${JSON.stringify({ url: creds.url, webId: creds.webId, authType: creds.authType }, null, 2)}\n`, 'utf-8');
+    chmodSync(getConfigPath(), 0o644);
+    writeFileSync(getSecretsPath(), `${JSON.stringify(creds.secrets, null, 2)}\n`, 'utf-8');
+    chmodSync(getSecretsPath(), 0o600);
+}
+export function clearCredentials() {
+    for (const path of [getConfigPath(), getSecretsPath()]) {
+        if (existsSync(path)) {
+            unlinkSync(path);
+        }
+    }
+}
+export function isClientCredentials(secrets) {
+    return isLinxClientCredentialsSecrets(secrets);
+}
+export function getClientCredentials(creds) {
+    return isClientCredentials(creds.secrets) ? creds.secrets : null;
+}
+export function getOidcOAuthSecrets(creds) {
+    const secrets = creds.secrets;
+    return 'oidcRefreshToken' in secrets && 'oidcAccessToken' in secrets && 'oidcExpiresAt' in secrets
+        ? secrets
+        : null;
+}
+export function loadCredentials() {
+    for (const sourceDir of credentialDirs()) {
+        const configPath = join(sourceDir, LINX_CONFIG_FILE_NAME);
+        const secretsPath = join(sourceDir, LINX_SECRETS_FILE_NAME);
+        if (!existsSync(configPath) || !existsSync(secretsPath)) {
+            continue;
+        }
+        const config = parseLinxClientConfig(readJson(configPath));
+        const secrets = parseLinxClientSecrets(readJson(secretsPath));
+        if (!config || !secrets) {
+            continue;
+        }
+        return {
+            url: config.url,
+            webId: config.webId,
+            authType: config.authType,
+            sourceDir,
+            secrets,
+        };
+    }
+    return null;
+}
+//# sourceMappingURL=credentials-store.js.map

package/dist/lib/credentials-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"credentials-store.js","sourceRoot":"","sources":["../../src/lib/credentials-store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,SAAS,CAAA;AACnG,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAA;AACjC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAA;AAChC,OAAO,EACL,8BAA8B,EAC9B,qBAAqB,EACrB,iBAAiB,EACjB,sBAAsB,EACtB,qBAAqB,EACrB,sBAAsB,GAMvB,MAAM,8BAA8B,CAAA;AAarC,SAAS,OAAO;IACd,OAAO,IAAI,CAAC,OAAO,EAAE,EAAE,iBAAiB,CAAC,CAAA;AAC3C,CAAC;AAED,MAAM,UAAU,aAAa;IAC3B,OAAO,IAAI,CAAC,OAAO,EAAE,EAAE,qBAAqB,CAAC,CAAA;AAC/C,CAAC;AAED,MAAM,UAAU,cAAc;IAC5B,OAAO,IAAI,CAAC,OAAO,EAAE,EAAE,sBAAsB,CAAC,CAAA;AAChD,CAAC;AAED,SAAS,QAAQ,CAAI,QAAgB;IACnC,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAM,CAAA;IACzD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC;AAED,SAAS,cAAc;IACrB,OAAO,CAAC,OAAO,EAAE,CAAC,CAAA;AACpB,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,KAAgD;IAC9E,MAAM,GAAG,GAAG,OAAO,EAAE,CAAA;IACrB,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;IAEnC,aAAa,CACX,aAAa,EAAE,EACf,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,KAAK,CAAC,GAAG,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,QAAQ,EAAE,KAAK,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAChG,OAAO,CACR,CAAA;IACD,SAAS,CAAC,aAAa,EAAE,EAAE,KAAK,CAAC,CAAA;IAEjC,aAAa,CAAC,cAAc,EAAE,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;IACvF,SAAS,CAAC,cAAc,EAAE,EAAE,KAAK,CAAC,CAAA;AACpC,CAAC;AAED,MAAM,UAAU,gBAAgB;IAC9B,KAAK,MAAM,IAAI,IAAI,CAAC,aAAa,EAAE,EAAE,cAAc,EAAE,CAAC,EAAE,CAAC;QACvD,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACrB,UAAU,CAAC,IAAI,CAAC,CAAA;QAClB,CAAC;IACH,CAAC;AACH,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,OAAsB;IACxD,OAAO,8BAA8B,CAAC,OAAO,CAAC,CAAA;AAChD,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,KAAwB;IAC3D,OAAO,mBAAmB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAA;AAClE,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,KAAwB;IAC1D,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAA;IAC7B,OAAO,kBAAkB,IAAI,OAAO,IAAI,iBAAiB,IAAI,OAAO,IAAI,eAAe,IAAI,OAAO;QAChG,CAAC,CAAC,OAAO;QACT,CAAC,CAAC,IAAI,CAAA;AACV,CAAC;AAED,MAAM,UAAU,eAAe;IAC7B,KAAK,MAAM,SAAS,IAAI,cAAc,EAAE,EAAE,CAAC;QACzC,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,EAAE,qBAAqB,CAAC,CAAA;QACzD,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,EAAE,sBAAsB,CAAC,CAAA;QAE3D,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YACxD,SAAQ;QACV,CAAC;QAED,MAAM,MAAM,GAAG,qBAAqB,CAAC,QAAQ,CAAU,UAAU,CAAC,CAAC,CAAA;QACnE,MAAM,OAAO,GAAG,sBAAsB,CAAC,QAAQ,CAAU,WAAW,CAAC,CAAC,CAAA;QAEtE,IAAI,CAAC,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;YACxB,SAAQ;QACV,CAAC;QAED,OAAO;YACL,GAAG,EAAE,MAAM,CAAC,GAAG;YACf,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,SAAS;YACT,OAAO;SACR,CAAA;IACH,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC"}

package/dist/lib/default-model.js

@@ -0,0 +1,8 @@
+export const DEFAULT_LINX_CLOUD_MODEL_ID = 'linx-lite';
+export function resolvePreferredLinxCloudModelId(models, fallback = DEFAULT_LINX_CLOUD_MODEL_ID) {
+    const ids = models
+        .map((model) => model.id?.trim())
+        .filter((id) => Boolean(id));
+    return ids.find((id) => id === DEFAULT_LINX_CLOUD_MODEL_ID) ?? ids[0] ?? fallback;
+}
+//# sourceMappingURL=default-model.js.map

package/dist/lib/default-model.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"default-model.js","sourceRoot":"","sources":["../../src/lib/default-model.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,2BAA2B,GAAG,WAAW,CAAA;AAEtD,MAAM,UAAU,gCAAgC,CAC9C,MAA6B,EAC7B,QAAQ,GAAG,2BAA2B;IAEtC,MAAM,GAAG,GAAG,MAAM;SACf,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC;SAChC,MAAM,CAAC,CAAC,EAAE,EAAgB,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAA;IAE5C,OAAO,GAAG,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,KAAK,2BAA2B,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,IAAI,QAAQ,CAAA;AACnF,CAAC"}

package/dist/lib/login-command.js

@@ -0,0 +1,51 @@
+import { listLinxWhoAmIFields, } from '@undefineds.co/models/client';
+import { clearAccountSession, loadAccountSession } from './account-session.js';
+import { clearCredentials } from './credentials-store.js';
+import { ensureBrowserConsentLogin } from './oidc-auth.js';
+import { resolveAccountBaseUrl } from './account-api.js';
+export const loginCommand = {
+    command: 'login',
+    describe: 'Login to LinX cloud in the browser and persist the local OIDC session',
+    builder: (yargs) => yargs
+        .option('url', {
+        alias: 'u',
+        type: 'string',
+        default: resolveAccountBaseUrl(),
+        description: 'Solid / account issuer URL',
+    }),
+    handler: async (argv) => {
+        const result = await ensureBrowserConsentLogin({
+            issuerUrl: argv.url,
+        });
+        process.stdout.write('LinX login successful.\n');
+        process.stdout.write(`server: ${result.url}\n`);
+        process.stdout.write(`webId: ${result.webId}\n`);
+        process.stdout.write('auth: oidc_oauth\n');
+        process.stdout.write(`session: ${result.reusedExistingSession ? 'reused' : 'browser-consent'}\n`);
+        process.exit(0);
+    },
+};
+export const logoutCommand = {
+    command: 'logout',
+    describe: 'Remove LinX cloud session and local credentials',
+    handler: async () => {
+        clearAccountSession();
+        clearCredentials();
+        process.stdout.write('Logged out. Local LinX credentials removed.\n');
+    },
+};
+export const whoamiCommand = {
+    command: 'whoami',
+    describe: 'Show the current LinX login identity',
+    builder: (yargs) => yargs.option('verbose', { type: 'boolean', default: false }),
+    handler: async (argv) => {
+        const account = loadAccountSession();
+        if (!account) {
+            throw new Error('Not logged in. Run `linx login` first.');
+        }
+        for (const field of listLinxWhoAmIFields(account, { verbose: argv.verbose })) {
+            process.stdout.write(`${field.key}: ${field.value}\n`);
+        }
+    },
+};
+//# sourceMappingURL=login-command.js.map

package/dist/lib/login-command.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"login-command.js","sourceRoot":"","sources":["../../src/lib/login-command.ts"],"names":[],"mappings":"AACA,OAAO,EACL,oBAAoB,GACrB,MAAM,8BAA8B,CAAA;AACrC,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAA;AAC9E,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAA;AACzD,OAAO,EAAE,yBAAyB,EAAE,MAAM,gBAAgB,CAAA;AAC1D,OAAO,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAA;AAUxD,MAAM,CAAC,MAAM,YAAY,GAAqC;IAC5D,OAAO,EAAE,OAAO;IAChB,QAAQ,EAAE,uEAAuE;IACjF,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,KAAK;SACF,MAAM,CAAC,KAAK,EAAE;QACb,KAAK,EAAE,GAAG;QACV,IAAI,EAAE,QAAQ;QACd,OAAO,EAAE,qBAAqB,EAAE;QAChC,WAAW,EAAE,4BAA4B;KAC1C,CAAC;IACN,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QACtB,MAAM,MAAM,GAAG,MAAM,yBAAyB,CAAC;YAC7C,SAAS,EAAE,IAAI,CAAC,GAAG;SACpB,CAAC,CAAA;QAEF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAA;QAChD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,MAAM,CAAC,GAAG,IAAI,CAAC,CAAA;QAC/C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,MAAM,CAAC,KAAK,IAAI,CAAC,CAAA;QAChD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAA;QAC1C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,YAAY,MAAM,CAAC,qBAAqB,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,iBAAiB,IAAI,CAAC,CAAA;QACjG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC;CACF,CAAA;AAED,MAAM,CAAC,MAAM,aAAa,GAAkB;IAC1C,OAAO,EAAE,QAAQ;IACjB,QAAQ,EAAE,iDAAiD;IAC3D,OAAO,EAAE,KAAK,IAAI,EAAE;QAClB,mBAAmB,EAAE,CAAA;QACrB,gBAAgB,EAAE,CAAA;QAClB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,+CAA+C,CAAC,CAAA;IACvE,CAAC;CACF,CAAA;AAED,MAAM,CAAC,MAAM,aAAa,GAAsC;IAC9D,OAAO,EAAE,QAAQ;IACjB,QAAQ,EAAE,sCAAsC;IAChD,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IAChF,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QACtB,MAAM,OAAO,GAAG,kBAAkB,EAAE,CAAA;QACpC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAA;QAC3D,CAAC;QAED,KAAK,MAAM,KAAK,IAAI,oBAAoB,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC;YAC7E,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,GAAG,KAAK,KAAK,CAAC,KAAK,IAAI,CAAC,CAAA;QACxD,CAAC;IACH,CAAC;CACF,CAAA"}

package/dist/lib/models.js

@@ -0,0 +1,6 @@
+import { XPOD_AI, XPOD_CREDENTIAL, aiConfigModelUri, aiConfigProviderUri, aiModelTable, aiProviderTable, buildAIConfigMutationPlan, buildAIConfigProviderStateMap, buildWatchThreadMetadata, buildWatchTranscriptMessages, credentialTable, ContactType, agentTable, chatTable, contactTable, drizzle, eq, getAIConfigProviderFamilyIds, getAIConfigProviderMetadata, getDefaultAIConfigCredentialId, getBuiltinModels as getSharedBuiltinModels, findPodRowByStorageId, initSolidTables, whereByPodStorageId, solidSchema, messageTable, sessionTable, normalizeAIConfigProviderId, normalizeAIConfigResourceId, sameAIConfigProviderFamily, sessionRepository, threadTable, } from '@undefineds.co/models';
+export { ContactType, agentTable, aiConfigModelUri, aiConfigProviderUri, aiModelTable, aiProviderTable, buildAIConfigMutationPlan, buildAIConfigProviderStateMap, buildWatchThreadMetadata, buildWatchTranscriptMessages, chatTable, contactTable, credentialTable, drizzle, eq, getAIConfigProviderFamilyIds, getAIConfigProviderMetadata, getDefaultAIConfigCredentialId, findPodRowByStorageId, solidSchema, initSolidTables, whereByPodStorageId, messageTable, sessionTable, normalizeAIConfigProviderId, normalizeAIConfigResourceId, sameAIConfigProviderFamily, sessionRepository, threadTable, XPOD_AI, XPOD_CREDENTIAL, };
+export function getBuiltinModels() {
+    return getSharedBuiltinModels();
+}
+//# sourceMappingURL=models.js.map

package/dist/lib/models.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"models.js","sourceRoot":"","sources":["../../src/lib/models.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,OAAO,EACP,eAAe,EACf,gBAAgB,EAChB,mBAAmB,EACnB,YAAY,EACZ,eAAe,EACf,yBAAyB,EACzB,6BAA6B,EAC7B,wBAAwB,EACxB,4BAA4B,EAC5B,eAAe,EACf,WAAW,EACX,UAAU,EACV,SAAS,EACT,YAAY,EACZ,OAAO,EACP,EAAE,EACF,4BAA4B,EAC5B,2BAA2B,EAC3B,8BAA8B,EAC9B,gBAAgB,IAAI,sBAAsB,EAC1C,qBAAqB,EACrB,eAAe,EACf,mBAAmB,EACnB,WAAW,EACX,YAAY,EACZ,YAAY,EACZ,2BAA2B,EAC3B,2BAA2B,EAC3B,0BAA0B,EAC1B,iBAAiB,EACjB,WAAW,GAmBZ,MAAM,uBAAuB,CAAA;AAE9B,OAAO,EACL,WAAW,EACX,UAAU,EACV,gBAAgB,EAChB,mBAAmB,EACnB,YAAY,EACZ,eAAe,EACf,yBAAyB,EACzB,6BAA6B,EAC7B,wBAAwB,EACxB,4BAA4B,EAC5B,SAAS,EACT,YAAY,EACZ,eAAe,EACf,OAAO,EACP,EAAE,EACF,4BAA4B,EAC5B,2BAA2B,EAC3B,8BAA8B,EAC9B,qBAAqB,EACrB,WAAW,EACX,eAAe,EACf,mBAAmB,EACnB,YAAY,EACZ,YAAY,EACZ,2BAA2B,EAC3B,2BAA2B,EAC3B,0BAA0B,EAC1B,iBAAiB,EACjB,WAAW,EACX,OAAO,EACP,eAAe,GAChB,CAAA;AAsBD,MAAM,UAAU,gBAAgB;IAC9B,OAAO,sBAAsB,EAAE,CAAA;AACjC,CAAC"}

package/dist/lib/oidc-auth.js

@@ -0,0 +1,451 @@
+import { createServer } from 'node:http';
+import { execFile } from 'node:child_process';
+import { promisify } from 'node:util';
+import { EVENTS, getSessionFromStorage, refreshSession, Session, } from '@inrupt/solid-client-authn-node';
+import { isLinxOidcOAuthSecrets, resolveLinxCloudAccountBaseUrl } from '@undefineds.co/models/client';
+import { saveAccountSession } from './account-session.js';
+import { loadCredentials, saveCredentials } from './credentials-store.js';
+import { createOidcSessionStorage } from './oidc-session-storage.js';
+const execFileAsync = promisify(execFile);
+const DEFAULT_CALLBACK_HOST = '127.0.0.1';
+const DEFAULT_CALLBACK_PATH = '/auth/callback';
+const DEFAULT_CLIENT_NAME = 'LinX CLI';
+export async function ensureBrowserConsentLogin(options = {}) {
+    const reused = await reuseExistingBrowserConsentLogin(options).catch(() => null);
+    if (reused) {
+        return {
+            ...reused,
+            reusedExistingSession: true,
+        };
+    }
+    const fresh = await loginWithBrowserConsent(options);
+    return {
+        ...fresh,
+        reusedExistingSession: false,
+    };
+}
+export async function loginWithBrowserConsent(options = {}) {
+    const storage = createOidcSessionStorage();
+    const session = new Session({
+        storage,
+        keepAlive: false,
+    }, `linx-cli-oidc-${Date.now()}`);
+    const baseUrl = resolveLinxCloudAccountBaseUrl(options.issuerUrl);
+    let latestTokenSet = null;
+    session.events.on(EVENTS.NEW_TOKENS, (tokenSet) => {
+        latestTokenSet = tokenSet;
+    });
+    await withCallbackServer(options.callbackHost ?? DEFAULT_CALLBACK_HOST, options.callbackPath ?? DEFAULT_CALLBACK_PATH, async (callbackUrl) => {
+        let redirectSeen = false;
+        await session.login({
+            oidcIssuer: baseUrl.replace(/\/$/, ''),
+            redirectUrl: callbackUrl,
+            clientName: options.clientName ?? DEFAULT_CLIENT_NAME,
+            handleRedirect: async (url) => {
+                redirectSeen = true;
+                options.onAuthUrl?.(url);
+                if (options.openBrowser) {
+                    await options.openBrowser(url);
+                }
+                else if (!options.onAuthUrl) {
+                    await openBrowser(url);
+                }
+            },
+            tokenType: 'Bearer',
+        });
+        if (!redirectSeen) {
+            throw new Error('OIDC login did not produce a browser redirect URL');
+        }
+    }, async (requestUrl) => {
+        await session.handleIncomingRedirect(requestUrl);
+    }, options.manualRedirectUrl);
+    if (!session.info.isLoggedIn || !session.info.webId) {
+        throw new Error('Login did not complete successfully');
+    }
+    const tokenSet = latestTokenSet;
+    if (!tokenSet?.refreshToken) {
+        throw new Error('OIDC login completed without a refresh token');
+    }
+    const result = {
+        url: baseUrl,
+        webId: session.info.webId,
+        tokenSet,
+        credentialsToSave: serializeOidcCredentials(baseUrl, session.info.webId, tokenSet),
+    };
+    persistBrowserLoginResult(result);
+    return result;
+}
+export async function getOidcAccessToken(credentials) {
+    if (credentials.authType !== 'oidc_oauth' || !isLinxOidcOAuthSecrets(credentials.secrets)) {
+        return null;
+    }
+    const secrets = credentials.secrets;
+    if (!secrets.oidcAccessToken) {
+        return refreshStoredOidcSession(credentials, secrets);
+    }
+    const expiresAt = secrets.oidcExpiresAt ? new Date(secrets.oidcExpiresAt).getTime() : 0;
+    if (!Number.isFinite(expiresAt) || expiresAt <= Date.now() + 60_000) {
+        return refreshStoredOidcSession(credentials, secrets);
+    }
+    return secrets.oidcAccessToken;
+}
+export function serializeOidcCredentials(url, webId, tokenSet) {
+    return {
+        url,
+        webId,
+        authType: 'oidc_oauth',
+        secrets: {
+            oidcRefreshToken: tokenSet.refreshToken ?? '',
+            oidcAccessToken: tokenSet.accessToken ?? '',
+            oidcExpiresAt: tokenSet.expiresAt
+                ? new Date(tokenSet.expiresAt * 1000).toISOString()
+                : new Date().toISOString(),
+            oidcClientId: tokenSet.clientId,
+        },
+    };
+}
+async function withCallbackServer(host, pathname, startLogin, onCallback, manualRedirectUrl) {
+    const server = createServer();
+    const sockets = new Set();
+    server.on('connection', (socket) => {
+        sockets.add(socket);
+        socket.on('close', () => {
+            sockets.delete(socket);
+        });
+    });
+    const callbackPromise = new Promise((resolve, reject) => {
+        server.on('request', (req, res) => {
+            const currentUrl = new URL(req.url ?? '/', `http://${host}`);
+            if (currentUrl.pathname !== pathname) {
+                res.statusCode = 404;
+                res.end('Not found');
+                return;
+            }
+            const address = server.address();
+            if (!address || typeof address === 'string') {
+                reject(new Error('Local callback server is not bound to a TCP port'));
+                return;
+            }
+            const absoluteUrl = `http://${host}:${address.port}${currentUrl.pathname}${currentUrl.search}`;
+            onCallback(absoluteUrl)
+                .then(() => {
+                res.statusCode = 200;
+                res.setHeader('Content-Type', 'text/html; charset=utf-8');
+                res.setHeader('Connection', 'close');
+                res.end(renderCallbackPage({
+                    title: 'LinX Cloud connected',
+                    description: 'Authentication is complete. You can return to your terminal.',
+                    tone: 'success',
+                }));
+                server.closeIdleConnections?.();
+                server.closeAllConnections?.();
+                resolve();
+            })
+                .catch((error) => {
+                res.statusCode = 500;
+                res.setHeader('Content-Type', 'text/html; charset=utf-8');
+                res.setHeader('Connection', 'close');
+                res.end(renderCallbackPage({
+                    title: 'LinX login failed',
+                    description: error instanceof Error ? error.message : String(error),
+                    tone: 'error',
+                }));
+                server.closeIdleConnections?.();
+                server.closeAllConnections?.();
+                reject(error);
+            });
+        });
+    });
+    await new Promise((resolve, reject) => {
+        server.once('error', reject);
+        server.listen(0, host, () => resolve());
+    });
+    try {
+        const address = server.address();
+        if (!address || typeof address === 'string') {
+            throw new Error('Failed to allocate local callback server port');
+        }
+        const callbackUrl = `http://${host}:${address.port}${pathname}`;
+        await startLogin(callbackUrl);
+        await Promise.race([
+            callbackPromise,
+            waitForManualRedirect(onCallback, manualRedirectUrl),
+        ]);
+    }
+    finally {
+        server.closeIdleConnections?.();
+        server.closeAllConnections?.();
+        for (const socket of sockets) {
+            try {
+                socket.destroy();
+            }
+            catch { }
+        }
+        await new Promise((resolve) => server.close(() => resolve()));
+    }
+}
+function renderCallbackPage(input) {
+    const escapedTitle = escapeHtml(input.title);
+    const escapedDescription = escapeHtml(input.description);
+    const accent = input.tone === 'success' ? '#0f8f63' : '#b42318';
+    const softAccent = input.tone === 'success' ? '#e8f7f0' : '#fff1f0';
+    const icon = input.tone === 'success' ? '✓' : '!';
+    return `<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="utf-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1" />
+  <title>${escapedTitle}</title>
+  <style>
+    :root {
+      color-scheme: light;
+      --bg: #f7f3eb;
+      --card: rgba(255, 255, 255, 0.82);
+      --ink: #1d211f;
+      --muted: #68706b;
+      --line: rgba(44, 58, 49, 0.14);
+      --accent: ${accent};
+      --soft-accent: ${softAccent};
+    }
+    * { box-sizing: border-box; }
+    body {
+      margin: 0;
+      min-height: 100vh;
+      display: grid;
+      place-items: center;
+      padding: 32px;
+      color: var(--ink);
+      font-family: ui-sans-serif, -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif;
+      background:
+        radial-gradient(circle at 20% 20%, rgba(15, 143, 99, 0.16), transparent 34%),
+        radial-gradient(circle at 80% 10%, rgba(217, 164, 65, 0.22), transparent 30%),
+        linear-gradient(135deg, #fbf7ef 0%, #edf4ef 100%);
+    }
+    .card {
+      width: min(520px, 100%);
+      padding: 34px;
+      border: 1px solid var(--line);
+      border-radius: 28px;
+      background: var(--card);
+      box-shadow: 0 24px 80px rgba(33, 41, 37, 0.16);
+      backdrop-filter: blur(14px);
+    }
+    .brand {
+      display: flex;
+      align-items: center;
+      gap: 12px;
+      margin-bottom: 28px;
+      color: var(--muted);
+      font-size: 13px;
+      font-weight: 700;
+      letter-spacing: 0.12em;
+      text-transform: uppercase;
+    }
+    .mark {
+      width: 36px;
+      height: 36px;
+      display: grid;
+      place-items: center;
+      border-radius: 12px;
+      color: white;
+      background: #24362c;
+      letter-spacing: 0;
+      font-size: 15px;
+    }
+    .status {
+      width: 56px;
+      height: 56px;
+      display: grid;
+      place-items: center;
+      border-radius: 20px;
+      margin-bottom: 20px;
+      color: var(--accent);
+      background: var(--soft-accent);
+      font-size: 28px;
+      font-weight: 800;
+    }
+    h1 {
+      margin: 0;
+      font-size: clamp(28px, 5vw, 40px);
+      line-height: 1.05;
+      letter-spacing: -0.04em;
+    }
+    p {
+      margin: 14px 0 0;
+      color: var(--muted);
+      font-size: 16px;
+      line-height: 1.6;
+    }
+    .hint {
+      margin-top: 28px;
+      padding: 14px 16px;
+      border-radius: 16px;
+      background: rgba(36, 54, 44, 0.06);
+      color: #3d4942;
+      font-size: 13px;
+    }
+  </style>
+</head>
+<body>
+  <main class="card">
+    <div class="brand"><div class="mark">Lx</div><span>LinX Cloud</span></div>
+    <div class="status">${icon}</div>
+    <h1>${escapedTitle}</h1>
+    <p>${escapedDescription}</p>
+    <div class="hint">This local callback page is safe to close. Your terminal session will continue automatically.</div>
+  </main>
+  <script>
+    setTimeout(() => { window.close(); }, 1200);
+  </script>
+</body>
+</html>`;
+}
+async function reuseExistingBrowserConsentLogin(options) {
+    const stored = loadCredentials();
+    if (!stored || stored.authType !== 'oidc_oauth') {
+        return null;
+    }
+    if (!isLinxOidcOAuthSecrets(stored.secrets) || !stored.secrets.oidcRefreshToken) {
+        return null;
+    }
+    const requestedIssuer = resolveLinxCloudAccountBaseUrl(options.issuerUrl);
+    const storedIssuer = resolveLinxCloudAccountBaseUrl(stored.url);
+    if (requestedIssuer !== storedIssuer) {
+        return null;
+    }
+    const accessToken = await getOidcAccessToken(stored);
+    if (!accessToken || !isLinxOidcOAuthSecrets(stored.secrets)) {
+        return null;
+    }
+    return {
+        url: stored.url,
+        webId: stored.webId,
+        tokenSet: {
+            issuer: stored.url.replace(/\/$/, ''),
+            clientId: stored.secrets.oidcClientId ?? DEFAULT_CLIENT_NAME,
+            refreshToken: stored.secrets.oidcRefreshToken,
+            accessToken,
+            webId: stored.webId,
+            expiresAt: stored.secrets.oidcExpiresAt
+                ? Math.floor(new Date(stored.secrets.oidcExpiresAt).getTime() / 1000)
+                : undefined,
+        },
+        credentialsToSave: stored,
+    };
+}
+function persistBrowserLoginResult(result) {
+    saveCredentials(result.credentialsToSave);
+    saveAccountSession({
+        url: result.url,
+        email: 'browser-consent',
+        token: 'oidc-session',
+        webId: result.webId,
+        createdAt: new Date().toISOString(),
+    });
+}
+async function refreshStoredOidcSession(credentials, secrets) {
+    const storage = createOidcSessionStorage();
+    const sessionId = await resolveStoredOidcSessionId(storage, credentials.webId, credentials.url);
+    if (!sessionId) {
+        return null;
+    }
+    const session = await getSessionFromStorage(sessionId, {
+        storage,
+        refreshSession: false,
+    });
+    if (!session) {
+        return null;
+    }
+    let refreshedTokenSet = null;
+    session.events.on(EVENTS.NEW_TOKENS, (tokenSet) => {
+        refreshedTokenSet = tokenSet;
+    });
+    await refreshSession(session, { storage });
+    const nextTokenSet = refreshedTokenSet;
+    if (!nextTokenSet?.accessToken) {
+        return null;
+    }
+    secrets.oidcRefreshToken = nextTokenSet.refreshToken ?? secrets.oidcRefreshToken;
+    secrets.oidcAccessToken = nextTokenSet.accessToken;
+    secrets.oidcExpiresAt = nextTokenSet.expiresAt
+        ? new Date(nextTokenSet.expiresAt * 1000).toISOString()
+        : secrets.oidcExpiresAt;
+    secrets.oidcClientId = nextTokenSet.clientId ?? secrets.oidcClientId;
+    saveCredentials({
+        url: credentials.url,
+        webId: session.info.webId ?? credentials.webId,
+        authType: 'oidc_oauth',
+        secrets,
+    });
+    saveAccountSession({
+        url: credentials.url,
+        email: 'browser-consent',
+        token: 'oidc-session',
+        webId: session.info.webId ?? credentials.webId,
+        createdAt: new Date().toISOString(),
+    });
+    return nextTokenSet.accessToken;
+}
+async function resolveStoredOidcSessionId(storage, webId, issuerUrl) {
+    const raw = await storage.get('solidClientAuthn:registeredSessions');
+    if (!raw) {
+        return null;
+    }
+    let sessionIds = [];
+    try {
+        const parsed = JSON.parse(raw);
+        if (Array.isArray(parsed)) {
+            sessionIds = parsed.filter((value) => typeof value === 'string');
+        }
+    }
+    catch {
+        return null;
+    }
+    const normalizedIssuer = issuerUrl.replace(/\/+$/, '');
+    for (const sessionId of [...sessionIds].reverse()) {
+        const stored = await storage.get(`solidClientAuthenticationUser:${sessionId}`);
+        if (!stored) {
+            continue;
+        }
+        try {
+            const parsed = JSON.parse(stored);
+            const sessionWebId = typeof parsed.webId === 'string' ? parsed.webId : null;
+            const sessionIssuer = typeof parsed.issuer === 'string' ? parsed.issuer.replace(/\/+$/, '') : null;
+            if (sessionWebId === webId && sessionIssuer === normalizedIssuer) {
+                return sessionId;
+            }
+        }
+        catch {
+            continue;
+        }
+    }
+    return null;
+}
+function escapeHtml(value) {
+    return value
+        .replace(/&/g, '&amp;')
+        .replace(/</g, '&lt;')
+        .replace(/>/g, '&gt;')
+        .replace(/"/g, '&quot;')
+        .replace(/'/g, '&#39;');
+}
+async function waitForManualRedirect(onCallback, manualRedirectUrl) {
+    if (!manualRedirectUrl) {
+        await new Promise(() => undefined);
+        return;
+    }
+    const requestUrl = await manualRedirectUrl();
+    await onCallback(requestUrl);
+}
+async function openBrowser(url) {
+    if (process.platform === 'darwin') {
+        await execFileAsync('open', [url]);
+        return;
+    }
+    if (process.platform === 'win32') {
+        await execFileAsync('cmd', ['/c', 'start', '', url]);
+        return;
+    }
+    await execFileAsync('xdg-open', [url]);
+}
+//# sourceMappingURL=oidc-auth.js.map